170M Downloadable Facebook Profiles, Privacy #FAIL

If you are on facebook, and believe that its is a safe place to share your Personal stuff, take this: User data for 171 Million Facebook profiles has been leaked on to Torrents.

Facebook recently announced 500 Million users, of which 100 Million are leaked and are fully available, uncesored, unaltered for download on PirateBay. Every 3rd profile is available, and if these not so lucky users had most stuff in “info” tab open to Public, congratulations, its all in there.

Background:

A researcher, Ron Bowes, has compiled a list of more than 170 million Facebook users and the Web address of their profile page on the site and released it on a BitTorrent site, meaning it is making it accessible to millions of web users. Initially, he wrote a script to download all Facebook profiles listed in the social network’s public profile directory, which only includes people who have configured their settings for Public Search Listings to be available on Facebook.

He had the information published in his blog, which has been down for long now.

“I realized that this is a scary privacy issue,” Bowes wrote. “I can find the name of pretty much every person on Facebook.”

He also said:

“Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details,” he wrote. “If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)”

Checking Facebook Privacy settings: Goto “Account” and click on “Privacy Settings.” Then select “Basic Directory Information” and “View Settings.” If “Search for me on Facebook” is marked for “Everyone,” your information might be on the list.

With no surprises from Facebook, they were calm and cold as the restated the useless words “members have control over their settings and the information collected on them they had chosen to make public”. Even Facebook’s bug that lets Hackers delete User’s Friendlist, had cold responses from this company.

Facebook Privacy Flaw

Many Facebook members may not understand how they can configure their settings to avoid sharing more information than they would like to. Members have complained that they were forced to reset their privacy settings back to higher privacy when the company made changes to the site that undid their settings.

“Facebook isn’t going to do this for us; we have to do that for ourselves,” he said. “This is a solved problem (with cryptography)… it’s just that these sites aren’t going to implement it.”